Re: [PATCH v2 1/4] ozwpan: Use proper check to prevent heap overflow

2015-05-26 Thread Jason A. Donenfeld
On Tue, May 26, 2015 at 3:56 PM, Dan Carpenter wrote:
>> elt->length is a u8, so the upper bound is 255.
>
> Yes. I know that, but is 255 correct?

Eventually body->data is passed to oz_hcd_get_desc_cnf along with data_len. In there, body->data (now called desc) is memcpy'd into a URB transfer bu

Re: [PATCH v2 1/4] ozwpan: Use proper check to prevent heap overflow

2015-05-26 Thread Dan Carpenter
On Tue, May 26, 2015 at 03:49:27PM +0200, Jason A. Donenfeld wrote: > On Tue, May 26, 2015 at 3:32 PM, Dan Carpenter > wrote: > > On Tue, May 26, 2015 at 02:17:46PM +0200, Jason A. Donenfeld wrote: > >> + data_len = elt->length - > >> size

Re: [PATCH v2 1/4] ozwpan: Use proper check to prevent heap overflow

2015-05-26 Thread Jason A. Donenfeld
On Tue, May 26, 2015 at 3:32 PM, Dan Carpenter wrote: > On Tue, May 26, 2015 at 02:17:46PM +0200, Jason A. Donenfeld wrote: >> + data_len = elt->length - >> sizeof(struct oz_get_desc_rsp) + 1; > > This was in the original code, but I wonder

Re: [PATCH v2 1/4] ozwpan: Use proper check to prevent heap overflow

2015-05-26 Thread Dan Carpenter
On Tue, May 26, 2015 at 02:17:46PM +0200, Jason A. Donenfeld wrote: > + data_len = elt->length - > sizeof(struct oz_get_desc_rsp) + 1; This was in the original code, but I wonder where the + 1 comes from. Does anyone know? To be honest, I
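Review bot: the `+ 1` in `data_len = elt->length - sizeof(struct oz_get_desc_rsp) + 1;` has no comment saying which byte it accounts for, so the length arithmetic cannot be verified from the code alone. Please document it next to the assignment (for instance, if the struct ends in a one-byte data placeholder that sizeof already counts, say so). Since elt->length is a u8 and the subtraction against sizeof is done in unsigned arithmetic, the line also depends on a lower-bound check on elt->length that is not visible in the quoted context; that check should sit directly above this assignment so a short element cannot wrap data_len to a large value.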